CVE-2024-46953: 
Ghostscript vulnerability analysis and mitigation

An integer overflow vulnerability (CVE-2024-46953) was discovered in base/gsdevice.c in Artifex Ghostscript versions before 10.04.0. The vulnerability was disclosed on November 10, 2024, affecting Artifex Ghostscript software and various Linux distributions including Debian, Ubuntu, and SUSE (NVD, CVE).

The vulnerability occurs when parsing the filename format string for the output filename, which can result in path truncation. The issue stems from an integer overflow condition in the file name parsing functionality. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (High) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating local access, low attack complexity, no privileges required, and user interaction required (NVD).

If successfully exploited, this vulnerability can lead to path truncation, path traversal, and potential code execution on affected systems. The high severity rating indicates that successful exploitation could result in significant impact to system confidentiality, integrity, and availability (SUSE).

The vulnerability has been fixed in Ghostscript version 10.04.0. Various Linux distributions have released security updates to address this issue. Users are advised to upgrade to the latest version of Ghostscript or apply the available security patches from their respective distribution vendors (Debian, Ubuntu).